Re: Who wants to test cracklinux??

From: Alan Cox
Date: Sun Apr 02 2006 - 19:14:26 EST

Next message: Patrick McHardy: "Re: bridge+netfilter broken for IP fragments in 2.6.16?"
Previous message: Thomas Zeitlhofer: "Re: bridge+netfilter broken for IP fragments in 2.6.16?"
In reply to: Arjan van de Ven: "Re: Who wants to test cracklinux??"
Next in thread: Jan Engelhardt: "Re: Who wants to test cracklinux??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Llu, 2006-04-03 at 00:39 +0200, Arjan van de Ven wrote:
> is there any difference? I mean... if you can outb you for all intents
> and purposes are root anyway ;) (like you can overwrite any memory in
> the system etc etc)

There are two clear uses

#1 Its possible to write such a module to allow only some ports to be
accessed, eg to export a PCI device for learning purposes

#2 As root you can make mistakes and mess up a box. Having the ability
to do stuff and having the default as "its allowed" differ. Giving
someone iopl rights is a bit like giving someone sudo. The security
against active attack is unchanged, the security against screwups is
higher

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Patrick McHardy: "Re: bridge+netfilter broken for IP fragments in 2.6.16?"
Previous message: Thomas Zeitlhofer: "Re: bridge+netfilter broken for IP fragments in 2.6.16?"
In reply to: Arjan van de Ven: "Re: Who wants to test cracklinux??"
Next in thread: Jan Engelhardt: "Re: Who wants to test cracklinux??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]